/**
  * Return the createaccount token held by LoginForm, creating one on first use.
  *
  * When no token exists yet, the PHP session is started if needed and
  * LoginForm is asked to mint a token before it is read back.
  * NOTE(review): presumably this is the session-bound anti-CSRF token that an
  * account-creation request must echo back; confirm against LoginForm.
  *
  * @return string signupToken
  */
 public static function getSignupToken()
 {
     // Fast path: a token already exists, hand it back unchanged.
     if (LoginForm::getCreateaccountToken()) {
         return LoginForm::getCreateaccountToken();
     }

     // No token yet. Make sure a session is running before one is set.
     $sessionMissing = (session_id() == '');
     if ($sessionMissing) {
         wfSetupSession();
     }
     LoginForm::setCreateaccountToken();

     return LoginForm::getCreateaccountToken();
 }
 /**
  * An account-creation request with a malformed e-mail address must be rejected.
  *
  * The request carries a name, a password and the current createaccount token;
  * only the e-mail value ('invalid') is wrong.
  * NOTE(review): the token is read with LoginForm::getCreateaccountToken() and is
  * not minted here. If none was set earlier, the request may be refused for the
  * token rather than the e-mail. Confirm the fixture sets one first.
  *
  * @expectedException UsageException
  */
 public function testInvalidEmail()
 {
     $request = array(
         'action' => 'createaccount',
         'name' => 'Test User',
         'token' => LoginForm::getCreateaccountToken(),
         'password' => 'password',
         'email' => 'invalid',
     );

     $this->doApiRequest($request);
 }
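 /**
  * Handle an action=createaccount API request.
  *
  * Order of checks: same-origin guard, createaccount permission, account-creation
  * block, then parameter validation. The request parameters are re-packed as a
  * signup form submission and handed to LoginForm::addNewaccountInternal(); the
  * resulting status is translated into a 'createaccount' entry in the API result
  * ('Success', 'Warning' or 'NeedToken'), or the request dies with the status error.
  */
 public function execute()
 {
     // If we're in a mode that breaks the same-origin policy, no tokens can
     // be obtained. The NeedToken branch further down puts the createaccount
     // token into the response body, so this guard has to run before anything else.
     if ($this->lacksSameOriginSecurity()) {
         $this->dieUsage('Cannot create account when the same-origin policy is not applied', 'aborted');
     }
     // $loginForm->addNewaccountInternal will throw exceptions
     // if wiki is read only (already handled by api), user is blocked or does not have rights.
     // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
     $loginTitle = SpecialPage::getTitleFor('Userlogin');
     if (!$loginTitle->userCan('createaccount', $this->getUser())) {
         $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
     }
     if ($this->getUser()->isBlockedFromCreateAccount()) {
         $this->dieUsage('You cannot create a new account because you are blocked', 'blocked', 0, array('blockinfo' => ApiQueryUserInfo::getBlockInfo($this->getUser()->getBlock())));
     }
     $params = $this->extractRequestParams();
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     // Mailing a password needs an address to send it to.
     if ($params['mailpassword'] && !$params['email']) {
         $this->dieUsageMsg('noemail');
     }
     if ($params['language'] && !Language::isSupportedLanguage($params['language'])) {
         $this->dieUsage('Invalid language parameter', 'langinvalid');
     }
     // Re-present the API parameters as the fields of a signup form POST.
     // The API has no retype field, so the password fills both wpPassword and wpRetype.
     // The caller's token is passed through as wpCreateaccountToken.
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array(
         'type' => 'signup',
         'uselang' => $params['language'],
         'wpName' => $params['name'],
         'wpPassword' => $params['password'],
         'wpRetype' => $params['password'],
         'wpDomain' => $params['domain'],
         'wpEmail' => $params['email'],
         'wpRealName' => $params['realname'],
         'wpCreateaccountToken' => $params['token'],
         'wpCreateaccount' => $params['mailpassword'] ? null : '1',
         'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null,
     )));
     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     Hooks::run('AddNewAccountApiForm', array($this, $loginForm));
     $loginForm->load();
     $status = $loginForm->addNewaccountInternal();
     $result = array();
     if ($status->isGood()) {
         // Success!
         $user = $status->getValue();
         if ($params['language']) {
             $user->setOption('language', $params['language']);
         }
         if ($params['mailpassword']) {
             // If mailpassword was set, disable the password and send an email.
             $user->setPassword(null);
             $status->merge($loginForm->mailPasswordInternal($user, false, 'createaccount-title', 'createaccount-text'));
         } elseif ($this->getConfig()->get('EmailAuthentication') && Sanitizer::validateEmail($user->getEmail())) {
             // Send out an email authentication message if needed
             $status->merge($user->sendConfirmationMail());
         }
         // Save settings (including confirmation token)
         $user->saveSettings();
         Hooks::run('AddNewAccount', array($user, $params['mailpassword']));
         // The log action records how the account came to exist: mailed password,
         // created by an already logged-in user, or self-registration.
         if ($params['mailpassword']) {
             $logAction = 'byemail';
         } elseif ($this->getUser()->isLoggedIn()) {
             $logAction = 'create2';
         } else {
             $logAction = 'create';
         }
         $user->addNewUserLogEntry($logAction, (string) $params['reason']);
         // Add username, id, and token to result.
         // NOTE(review): this is the new user's own token ($user->getToken()), not
         // the createaccount token; presumably it is login material, so the
         // response should be treated as sensitive. Confirm.
         $result['username'] = $user->getName();
         $result['userid'] = $user->getId();
         $result['token'] = $user->getToken();
     }
     $apiResult = $this->getResult();
     if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
         // Token was incorrect, so add it to result, but don't throw an exception
         // since not having the correct token is part of the normal
         // flow of events.
         $result['token'] = LoginForm::getCreateaccountToken();
         $result['result'] = 'NeedToken';
     } elseif (!$status->isOK()) {
         // There was an error. Die now.
         $this->dieStatus($status);
     } elseif (!$status->isGood()) {
         // Status is not good, but OK. This means warnings.
         $result['result'] = 'Warning';
         // Add any warnings to the result
         $warnings = $status->getErrorsByType('warning');
         if ($warnings) {
             foreach ($warnings as &$warning) {
                 ApiResult::setIndexedTagName($warning['params'], 'param');
             }
             // Break the by-reference binding so the last entry of $warnings is
             // not left aliased to $warning once the array is copied into $result.
             unset($warning);
             ApiResult::setIndexedTagName($warnings, 'warning');
             $result['warnings'] = $warnings;
         }
     } else {
         // Everything was fine.
         $result['result'] = 'Success';
     }
     // Give extensions a chance to modify the API result data
     Hooks::run('AddNewAccountApiResult', array($this, $loginForm, &$result));
     $apiResult->addValue(null, 'createaccount', $result);
 }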
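 /**
  * Handle an action=createaccount API request (variant that reads
  * $wgLoginLanguageSelector / $wgEmailAuthentication from globals).
  *
  * Checks createaccount permission and the account-creation block, re-packs the
  * request parameters as a signup form submission for
  * LoginForm::addNewaccountInternal(), and translates the resulting status into a
  * 'createaccount' entry in the API result ('success', 'warning' or 'needtoken'),
  * or dies with the first error of the status.
  *
  * NOTE(review): nothing in this method checks whether the request arrived in a
  * mode that bypasses the same-origin policy before the 'needtoken' branch returns
  * the createaccount token. Confirm the surrounding API framework refuses such
  * requests earlier (newer MediaWiki offers ApiBase::lacksSameOriginSecurity()).
  */
 public function execute()
 {
     // $loginForm->addNewaccountInternal will throw exceptions
     // if wiki is read only (already handled by api), user is blocked or does not have rights.
     // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
     $loginTitle = SpecialPage::getTitleFor('Userlogin');
     if (!$loginTitle->userCan('createaccount', $this->getUser())) {
         $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
     }
     if ($this->getUser()->isBlockedFromCreateAccount()) {
         $this->dieUsage('You cannot create a new account because you are blocked', 'blocked');
     }
     $params = $this->extractRequestParams();
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     // Mailing a password needs an address to send it to.
     if ($params['mailpassword'] && !$params['email']) {
         $this->dieUsageMsg('noemail');
     }
     // Re-present the API parameters as the fields of a signup form POST.
     // The API has no retype field, so the password fills both wpPassword and wpRetype.
     // The caller's token is passed through as wpCreateaccountToken.
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array(
         'type' => 'signup',
         'uselang' => $params['language'],
         'wpName' => $params['name'],
         'wpPassword' => $params['password'],
         'wpRetype' => $params['password'],
         'wpDomain' => $params['domain'],
         'wpEmail' => $params['email'],
         'wpRealName' => $params['realname'],
         'wpCreateaccountToken' => $params['token'],
         'wpCreateaccount' => $params['mailpassword'] ? null : '1',
         'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null,
     )));
     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     $loginForm->load();
     $status = $loginForm->addNewaccountInternal();
     // Single initialisation of the result array, right before it is first filled.
     $result = array();
     if ($status->isGood()) {
         // Success!
         $user = $status->getValue();
         // If we showed up language selection links, and one was in use, be
         // smart (and sensible) and save that language as the user's preference
         global $wgLoginLanguageSelector, $wgEmailAuthentication;
         if ($wgLoginLanguageSelector && $params['language']) {
             $user->setOption('language', $params['language']);
         }
         if ($params['mailpassword']) {
             // If mailpassword was set, disable the password and send an email.
             $user->setPassword(null);
             $status->merge($loginForm->mailPasswordInternal($user, false, 'createaccount-title', 'createaccount-text'));
         } elseif ($wgEmailAuthentication && Sanitizer::validateEmail($user->getEmail())) {
             // Send out an email authentication message if needed
             $status->merge($user->sendConfirmationMail());
         }
         // Save settings (including confirmation token)
         $user->saveSettings();
         wfRunHooks('AddNewAccount', array($user, $params['mailpassword']));
         // The log action records how the account came to exist: mailed password,
         // created by an already logged-in user, or self-registration.
         if ($params['mailpassword']) {
             $logAction = 'byemail';
         } elseif ($this->getUser()->isLoggedIn()) {
             $logAction = 'create2';
         } else {
             $logAction = 'create';
         }
         $user->addNewUserLogEntry($logAction, (string) $params['reason']);
         // Add username, id, and token to result.
         // NOTE(review): this is the new user's own token ($user->getToken()), not
         // the createaccount token; presumably it is login material, so the
         // response should be treated as sensitive. Confirm.
         $result['username'] = $user->getName();
         $result['userid'] = $user->getId();
         $result['token'] = $user->getToken();
     }
     $apiResult = $this->getResult();
     if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
         // Token was incorrect, so add it to result, but don't throw an exception
         // since not having the correct token is part of the normal
         // flow of events.
         $result['token'] = LoginForm::getCreateaccountToken();
         $result['result'] = 'needtoken';
     } elseif (!$status->isOK()) {
         // There was an error. Die now.
         // Cannot use dieUsageMsg() directly because extensions
         // might return custom error messages.
         $errors = $status->getErrorsArray();
         if ($errors[0] instanceof Message) {
             $code = 'aborted';
             $desc = $errors[0];
         } else {
             // First element is the message key; the remainder are its parameters.
             $code = array_shift($errors[0]);
             $desc = wfMessage($code, $errors[0]);
         }
         $this->dieUsage($desc, $code);
     } elseif (!$status->isGood()) {
         // Status is not good, but OK. This means warnings.
         $result['result'] = 'warning';
         // Add any warnings to the result
         $warnings = $status->getErrorsByType('warning');
         if ($warnings) {
             foreach ($warnings as &$warning) {
                 $apiResult->setIndexedTagName($warning['params'], 'param');
             }
             // Break the by-reference binding so the last entry of $warnings is
             // not left aliased to $warning once the array is copied into $result.
             unset($warning);
             $apiResult->setIndexedTagName($warnings, 'warning');
             $result['warnings'] = $warnings;
         }
     } else {
         // Everything was fine.
         $result['result'] = 'success';
     }
     $apiResult->addValue(null, 'createaccount', $result);
 }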
 /**
  * Build an EasyTemplate pre-populated with the combined login and registration
  * forms. The caller can render the same template through different views, e.g.
  * one for ajax dialogs and one for standalone pages such as Special:Signup.
  *
  * The template receives the login token and the createaccount token (each one is
  * created first if LoginForm does not have it yet), the form action URLs, and the
  * last message produced by the ajax login form.
  *
  * @param bool $static When true, exactly one of showLogin / showRegister may be
  *   switched on, chosen by the request's 'type' value; registration is never
  *   shown while the wiki is read-only.
  * @param string $lastmsg Message exposed as 'loginerror'; replaced by the ajax
  *   form's own message when it has one.
  * @param mixed &$ajaxLoginForm Passed by reference; when empty and the wiki is
  *   writable, a new AjaxLoginForm is created and left in the caller's variable.
  * @return EasyTemplate
  */
 public static function getTemplateForCombinedForms($static = false, $lastmsg = "", &$ajaxLoginForm = "")
 {
     global $wgRequest;

     // Setup the data for the templates, similar to GetComboAjaxLogin.
     if (session_id() == '') {
         wfSetupSession();
     }

     // TODO: Investigate why a disabled early return used to sit here: it returned
     // "error" whenever the request carried the 'wpCreateaccount' field.
     $tmpl = new EasyTemplate(dirname(__FILE__) . '/templates/');
     $response = new AjaxResponse();

     // NOTE(review): $type is raw request input and is later exposed to the
     // template as 'actiontype'; this assumes the templates escape it on output.
     // Confirm.
     $type = $wgRequest->getVal('type', '');

     if (!wfReadOnly()) {
         if (!$ajaxLoginForm) {
             $ajaxLoginForm = new AjaxLoginForm($wgRequest);
         }
         $ajaxLoginForm->execute($type);
         if (!empty($ajaxLoginForm->ajaxTemplate)) {
             $lastmsg = $ajaxLoginForm->ajaxTemplate->data['message'];
             $tmpl->set('message', $ajaxLoginForm->ajaxTemplate->data['message']);
             $tmpl->set('messagetype', $ajaxLoginForm->ajaxTemplate->data['messagetype']);
         }
         $tmpl->set("registerAjax", $ajaxLoginForm->ajaxRender());
     }

     $isReadOnly = wfReadOnly() ? 1 : 0;
     $tmpl->set("isReadOnly", $isReadOnly);

     // Both forms post a token back; make sure each exists before exposing it.
     if (!LoginForm::getLoginToken()) {
         LoginForm::setLoginToken();
     }
     $tmpl->set("loginToken", LoginForm::getLoginToken());

     if (!LoginForm::getCreateaccountToken()) {
         LoginForm::setCreateaccountToken();
     }
     $tmpl->set("createToken", LoginForm::getCreateaccountToken());

     // Use the existing settings to generate the login portion of the form, which will then
     // be fed back into the bigger template in this case (it is not always fed into ComboAjaxLogin template).
     // Both values come from the request, so they are URL-encoded before being
     // appended to the query string.
     $returnto = $wgRequest->getVal('returnto', '');
     if ($returnto != '') {
         $returnto = "&returnto=" . wfUrlencode($returnto);
     }
     $returntoquery = $wgRequest->getVal('returntoquery', '');
     if ($returntoquery != '') {
         $returntoquery = "&returntoquery=" . wfUrlencode($returntoquery);
     }
     $redirectSuffix = $returnto . $returntoquery;

     $loginaction = Skin::makeSpecialUrl('Signup', "type=login&action=submitlogin" . $redirectSuffix);
     $signupaction = Skin::makeSpecialUrl('Signup', "type=signup" . $redirectSuffix);
     $tmpl->set("loginaction", $loginaction);
     $tmpl->set("signupaction", $signupaction);
     $tmpl->set("loginerror", $lastmsg);
     $tmpl->set("actiontype", $type);

     // Default to showing neither form; a static page switches one of them on.
     $tmpl->set("showRegister", false);
     $tmpl->set("showLogin", false);
     if ($static) {
         if (strtolower($type) == "login") {
             $tmpl->set("showLogin", true);
         } elseif (!$isReadOnly) {
             $tmpl->set("showRegister", true);
         }
     }

     $tmpl->set("ajaxLoginComponent", $tmpl->render('AjaxLoginComponent'));
     return $tmpl;
 }
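 /**
  * Render the "join us" block: a signup form that posts to Special:UserLogin.
  *
  * The form carries the createaccount token as a hidden field; the token is
  * created first (and the session started) if it does not exist yet.
  *
  * NOTE(review): the POST target is built from $wgServer, so the scheme used to
  * submit the password is whatever that setting holds. Confirm it is HTTPS.
  *
  * @return string HTML of the block
  */
 private function displayForm()
 {
     global $wgServer;

     if (session_id() == '') {
         wfSetupSession();
     }
     if (!LoginForm::getCreateaccountToken()) {
         LoginForm::setCreateaccountToken();
     }
     $token = LoginForm::getCreateaccountToken();

     // block_join
     $html = Xml::openElement('div', array('class' => 'block block_join'));
     $html .= Xml::element('h3', array('class' => 'title'), wfMessage('sz-mp-joinus')->text());
     // inside
     $html .= Xml::openElement('div', array('class' => 'inside'));
     $html .= Xml::openElement('form', array('id' => 'userloginS', 'action' => $wgServer . '/index.php?title=Special:UserLogin&action=submitlogin&type=signup&from=SpecialWelcome', 'method' => 'post', 'name' => 'userlogin'));

     // One labelled input per row: element id, input type (null = default),
     // field name, label message key, placeholder message key.
     $fields = array(
         array('wpNameS', null, 'wpName', 'yourname', 'sz-mp-yourname'),
         array('wpPasswordS', 'password', 'wpPassword', 'yourpassword', 'sz-mp-yourpassword'),
         array('wpRetypeS', 'password', 'wpRetype', 'yourpasswordagain', 'sz-mp-yourpasswordagain'),
         array('wpEmailS', null, 'wpEmail', 'youremail', 'sz-mp-youremail'),
     );
     foreach ($fields as $field) {
         list($id, $inputType, $name, $labelMsg, $placeholderMsg) = $field;
         $html .= Xml::openElement('p');
         $html .= Xml::element('label', array('for' => $id, 'class' => 'sread'), wfMessage($labelMsg)->text());
         $inputAttribs = array('id' => $id);
         if ($inputType !== null) {
             $inputAttribs['type'] = $inputType;
         }
         $inputAttribs['name'] = $name;
         $inputAttribs['placeholder'] = wfMessage($placeholderMsg)->text();
         $html .= Xml::element('input', $inputAttribs);
         $html .= Xml::closeElement('p');
     }

     $html .= Xml::openElement('p', array('class' => 'submit'));
     // Linker::link() inserts its second argument as raw HTML, so the message must
     // be HTML-escaped here; ->text() would let markup in an edited interface
     // message reach the page unescaped.
     $html .= Linker::link(SpecialPage::getTitleFor('UserLogin'), wfMessage('login')->escaped());
     $html .= Xml::element('label', array('for' => 'wpCreateaccountS', 'class' => 'sread'), wfMessage('createaccount')->text());
     $html .= Xml::element('input', array('id' => 'wpCreateaccountS', 'name' => 'wpCreateaccount', 'type' => 'submit', 'value' => wfMessage('sz-mp-enter')->text()));
     $html .= Xml::closeElement('p');

     // The createaccount token travels with the POST as a hidden field.
     $html .= Xml::element('input', array('name' => 'wpCreateaccountToken', 'type' => 'hidden', 'value' => $token));
     $html .= Xml::closeElement('form');
     // /inside
     $html .= Xml::closeElement('div');
     // /block
     $html .= Xml::closeElement('div');
     return $html;
 }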